An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.
References
Link | Resource |
---|---|
https://hackerone.com/reports/1898475 | Exploit Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html | Mailing List |
https://security.gentoo.org/glsa/202310-12 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20230420-0010/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
|
History
27 Mar 2024, 14:46
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:* cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:* |
|
First Time |
Splunk
Splunk universal Forwarder |
20 Oct 2023, 18:43
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:clustered_data_ontap:9.0:-:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* |
|
References | (GENTOO) https://security.gentoo.org/glsa/202310-12 - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html - Mailing List | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20230420-0010/ - Third Party Advisory | |
First Time |
Netapp h700s Firmware
Netapp h700s Netapp h300s Netapp h410s Firmware Netapp h500s Firmware Netapp active Iq Unified Manager Broadcom brocade Fabric Operating System Firmware Netapp clustered Data Ontap Debian debian Linux Netapp Netapp h410s Netapp h300s Firmware Netapp h500s Debian Broadcom |
11 Oct 2023, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Apr 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Apr 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 Apr 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
Summary | An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection. | |
References |
|
14 Apr 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Apr 2023, 16:36
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://hackerone.com/reports/1898475 - Exploit, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/ - Mailing List, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
CPE | cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* |
|
CWE | CWE-287 | |
First Time |
Fedoraproject
Fedoraproject fedora Haxx libcurl Haxx |
09 Apr 2023, 04:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Mar 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-30 20:15
Updated : 2024-03-27 14:46
NVD link : CVE-2023-27538
Mitre link : CVE-2023-27538
CVE.ORG link : CVE-2023-27538
JSON object : View
Products Affected
netapp
- h700s_firmware
- h300s_firmware
- h500s
- h300s
- h410s
- h410s_firmware
- h500s_firmware
- active_iq_unified_manager
- clustered_data_ontap
- h700s
splunk
- universal_forwarder
debian
- debian_linux
haxx
- libcurl
broadcom
- brocade_fabric_operating_system_firmware
fedoraproject
- fedora